I have made a user login where I store the info in local storage.
Is this an okay secure method?
On my second page there is a check on page enter, if the user is null it returns people to the loginpage instead.
Hi @Helmar_Trager !
Yes, it is a secure method since user object do not contain information about password.
In most of the cases web pages load user info from the server and this info can be accessed using browser devtools.
Regards, Andriy
Hello @Helmar_Trager
If you set “user data” to local storage it is no sense to set it to “data” in “Go To Page” block.
You can get this data from local storage on “SearchPage”
“data” of “Go To Page” block it is URL params for “SearchPage” URL.
It is not secure to set “user data” to URL params cause somebody can copy link or make screenshot with this URL and send somebody without realizing the confidentiality of this data.
Regards,
Viktor
Thanks for clarify! I see what you mean. Everything about the user is in that URL!
I changed it. I think I am using the build in user-system now where I can set session timeout and max login attempts.
In the following code the user is logged in and stay logged in regardless is he goes to another page.
On the Searchpage I have a code that fires when loading the page that checks if user is null and returns the user to loginpage if not. This works with the new code.